public async Task KeyVaultSecretProvider_WithUserAssignedManagedIdentity_GetSecret_NonExistingSecret_ThrowsSecretNotFoundException()
{
// Arrange
var keyVaultUri = Configuration.GetValue <string>("Arcus:KeyVault:Uri");
string tenantId = Configuration.GetTenantId();
string clientId = Configuration.GetServicePrincipalClientId();
string clientKey = Configuration.GetServicePrincipalClientSecret();
using (TemporaryEnvironmentVariable.Create(Constants.AzureTenantIdEnvironmentVariable, tenantId))
using (TemporaryEnvironmentVariable.Create(Constants.AzureServicePrincipalClientIdVariable, clientId))
using (TemporaryEnvironmentVariable.Create(Constants.AzureServicePrincipalClientSecretVariable, clientKey))
{
var notExistingSecretName = $"secret-{Guid.NewGuid():N}";
var keyVaultSecretProvider = new KeyVaultSecretProvider(
tokenCredential: new ChainedTokenCredential(new ManagedIdentityCredential(clientId), new EnvironmentCredential()),
vaultConfiguration: new KeyVaultConfiguration(keyVaultUri));
// Assert
await Assert.ThrowsAsync <SecretNotFoundException>(async() =>
{
// Act
await keyVaultSecretProvider.GetSecretAsync(notExistingSecretName);
});
}
}
public async Task KeyVaultSecretProvider_WithUserAssignedManagedIdentity_GetSecret_Succeeds()
{
// Arrange
var keyVaultUri = Configuration.GetValue <string>("Arcus:KeyVault:Uri");
string tenantId = Configuration.GetTenantId();
string clientId = Configuration.GetServicePrincipalClientId();
string clientKey = Configuration.GetServicePrincipalClientSecret();
var secretName = Configuration.GetValue <string>("Arcus:KeyVault:TestKeyName");
using (TemporaryEnvironmentVariable.Create(Constants.AzureTenantIdEnvironmentVariable, tenantId))
using (TemporaryEnvironmentVariable.Create(Constants.AzureServicePrincipalClientIdVariable, clientId))
using (TemporaryEnvironmentVariable.Create(Constants.AzureServicePrincipalClientSecretVariable, clientKey))
{
var keyVaultSecretProvider = new KeyVaultSecretProvider(
tokenCredential: new ChainedTokenCredential(new ManagedIdentityCredential(clientId), new EnvironmentCredential()),
vaultConfiguration: new KeyVaultConfiguration(keyVaultUri));
// Act
Secret secret = await keyVaultSecretProvider.GetSecretAsync(secretName);
// Assert
Assert.NotNull(secret);
Assert.NotNull(secret.Value);
Assert.NotNull(secret.Version);
}
}
public async Task KeyVaultSecretProvider_StoreSecret_Succeeds()
{
// Arrange
var keyVaultUri = Configuration.GetValue <string>("Arcus:KeyVault:Uri");
string tenantId = Configuration.GetTenantId();
string clientId = Configuration.GetServicePrincipalClientId();
string clientKey = Configuration.GetServicePrincipalClientSecret();
var secretName = $"Test-Secret-{Guid.NewGuid()}";
var secretValue = Guid.NewGuid().ToString();
using (TemporaryEnvironmentVariable.Create(Constants.AzureTenantIdEnvironmentVariable, tenantId))
using (TemporaryEnvironmentVariable.Create(Constants.AzureServicePrincipalClientIdVariable, clientId))
using (TemporaryEnvironmentVariable.Create(Constants.AzureServicePrincipalClientSecretVariable, clientKey))
{
var keyVaultSecretProvider = new KeyVaultSecretProvider(
tokenCredential: new ChainedTokenCredential(new ManagedIdentityCredential(clientId), new EnvironmentCredential()),
vaultConfiguration: new KeyVaultConfiguration(keyVaultUri));
var cachedSecretProvider = new KeyVaultCachedSecretProvider(keyVaultSecretProvider);
// Act
Secret secret = await cachedSecretProvider.StoreSecretAsync(secretName, secretValue);
// Assert
Assert.NotNull(secret);
Assert.NotNull(secret.Value);
Assert.NotNull(secret.Version);
Secret fetchedSecret = await cachedSecretProvider.GetSecretAsync(secretName);
Assert.Equal(secretValue, fetchedSecret.Value);
Assert.Equal(secret.Version, fetchedSecret.Version);
Assert.Equal(secret.Expires, fetchedSecret.Expires);
}
}
public async Task ConfigureSecretStore_AddEnvironmentVariablesWithOptions_UsesEnvironmentVariableSecrets()
{
// Arrange
string secretKey = "MySecret";
string expected = $"secret-{Guid.NewGuid()}";
var builder = new HostBuilder();
using (TemporaryEnvironmentVariable.Create(secretKey, expected))
{
// Act
builder.ConfigureSecretStore((config, stores) =>
{
stores.AddEnvironmentVariables(target: EnvironmentVariableTarget.Process, prefix: null, name: null, mutateSecretName: null);
});
// Assert
IHost host = builder.Build();
var provider = host.Services.GetRequiredService <ISecretProvider>();
string actual = await provider.GetRawSecretAsync(secretKey);
Assert.Equal(expected, actual);
}
}
public void LogEventWithPodNameProperty_WithKubernetesEnricher_HasEnvironmentInformation()
{
// Arrange
string expectedPodName = $"pod-{Guid.NewGuid()}";
string ignoredPodName = $"pod-{Guid.NewGuid()}";
var spy = new InMemoryLogSink();
ILogger logger = new LoggerConfiguration()
.Enrich.With <KubernetesEnricher>()
.WriteTo.Sink(spy)
.CreateLogger();
using (TemporaryEnvironmentVariable.Create(PodNameVariable, ignoredPodName))
{
// Act
logger.Information("This log even already has a Kubernetes PodName {PodName}", expectedPodName);
}
// Assert
LogEvent logEvent = Assert.Single(spy.CurrentLogEmits);
Assert.NotNull(logEvent);
Assert.True(logEvent.ContainsProperty(ContextProperties.Kubernetes.PodName, expectedPodName), "Log event should contain pod name property");
Assert.DoesNotContain(logEvent.Properties, prop => prop.Key == ContextProperties.Kubernetes.NodeName);
Assert.DoesNotContain(logEvent.Properties, prop => prop.Key == ContextProperties.Kubernetes.Namespace);
}
public void LogEvent_WithKubernetesEnricher_HasEnvironmentInformation()
{
// Arrange
string nodeName = $"node-{Guid.NewGuid()}";
string podName = $"pod-{Guid.NewGuid()}";
string @namespace = $"namespace-{Guid.NewGuid()}";
var spy = new InMemoryLogSink();
ILogger logger = new LoggerConfiguration()
.Enrich.With <KubernetesEnricher>()
.WriteTo.Sink(spy)
.CreateLogger();
using (TemporaryEnvironmentVariable.Create(NodeNameVariable, nodeName))
using (TemporaryEnvironmentVariable.Create(PodNameVariable, podName))
using (TemporaryEnvironmentVariable.Create(NamespaceVariable, @namespace))
{
// Act
logger.Information("This log event should be enriched with Kubernetes information");
}
// Assert
LogEvent logEvent = Assert.Single(spy.CurrentLogEmits);
Assert.NotNull(logEvent);
Assert.True(logEvent.ContainsProperty(ContextProperties.Kubernetes.NodeName, nodeName), "Log event should contain node name property");
Assert.True(logEvent.ContainsProperty(ContextProperties.Kubernetes.PodName, podName), "Log event should contain pod name property");
Assert.True(logEvent.ContainsProperty(ContextProperties.Kubernetes.Namespace, @namespace), "Log event should contain namespace property");
}
public async Task ServiceBusQueueMessagePumpUsingManagedIdentity_PublishServiceBusMessage_MessageSuccessfullyProcessed()
{
// Arrange
var config = TestConfig.Create();
string connectionString = config.GetServiceBusConnectionString(ServiceBusEntityType.Queue);
ServiceBusConnectionStringProperties properties = ServiceBusConnectionStringProperties.Parse(connectionString);
ServicePrincipal servicePrincipal = config.GetServiceBusServicePrincipal();
string tenantId = config.GetTenantId();
using (TemporaryEnvironmentVariable.Create(EnvironmentVariables.AzureTenantId, tenantId))
using (TemporaryEnvironmentVariable.Create(EnvironmentVariables.AzureServicePrincipalClientId, servicePrincipal.ClientId))
using (TemporaryEnvironmentVariable.Create(EnvironmentVariables.AzureServicePrincipalClientSecret, servicePrincipal.ClientSecret))
{
var options = new WorkerOptions();
options.AddEventGridPublisher(config)
.AddServiceBusQueueMessagePumpUsingManagedIdentity(
queueName: properties.EntityPath,
serviceBusNamespace: properties.FullyQualifiedNamespace,
clientId: servicePrincipal.ClientId,
configureMessagePump: opt => opt.AutoComplete = true)
.WithServiceBusMessageHandler <OrdersAzureServiceBusMessageHandler, Order>();
// Act
await using (var worker = await Worker.StartNewAsync(options))
await using (var service = await TestMessagePumpService.StartNewAsync(config, _logger))
{
// Assert
await service.SimulateMessageProcessingAsync(connectionString);
}
}
}
public async Task KeyVaultSecretProvider_StoreSecret_Succeeds()
{
// Arrange
var keyVaultUri = Configuration.GetValue <string>("Arcus:KeyVault:Uri");
var connectionString = Configuration.GetValue <string>("Arcus:MSI:AzureServicesAuth:ConnectionString");
var secretName = $"Test-Secret-{Guid.NewGuid()}";
var secretValue = Guid.NewGuid().ToString();
var keyVaultSecretProvider = new KeyVaultSecretProvider(
authentication: new ManagedServiceIdentityAuthentication(),
vaultConfiguration: new KeyVaultConfiguration(keyVaultUri));
using (TemporaryEnvironmentVariable.Create(KeyVaultConnectionStringEnvironmentVariable, connectionString))
{
// Act
Secret secret = await keyVaultSecretProvider.StoreSecretAsync(secretName, secretValue);
// Assert
Assert.NotNull(secret);
Assert.NotNull(secret.Value);
Assert.NotNull(secret.Version);
Secret fetchedSecret = await keyVaultSecretProvider.GetSecretAsync(secretName);
Assert.Equal(secretValue, fetchedSecret.Value);
Assert.Equal(secret.Version, fetchedSecret.Version);
Assert.Equal(secret.Expires, fetchedSecret.Expires);
}
}
public async Task ConfigureSecretStore_AddEnvironmentVariables_UsesEnvironmentVariableSecrets()
{
// Arrange
string secretKey = "MySecret";
string secretValue = $"secret-{Guid.NewGuid()}";
var builder = new HostBuilder();
using (TemporaryEnvironmentVariable.Create(secretKey, secretValue))
{
// Act
builder.ConfigureSecretStore((config, stores) => stores.AddEnvironmentVariables());
// Assert
IHost host = builder.Build();
var provider = host.Services.GetRequiredService <ISecretProvider>();
Assert.Equal(secretValue, await provider.GetRawSecretAsync(secretKey));
}
}
public async Task ConfigureSecretStore_AddEnvironmentVariablesWithPrefix_CantFindEnvironmentVariableWithPrefix()
{
// Arrange
string unknownPrefix = "UNKNOWN_";
string secretKey = "MySecret";
var builder = new HostBuilder();
using (TemporaryEnvironmentVariable.Create(secretKey, value: $"secret-{Guid.NewGuid()}"))
{
// Act
builder.ConfigureSecretStore((config, stores) => stores.AddEnvironmentVariables(prefix: unknownPrefix));
// Assert
IHost host = builder.Build();
var provider = host.Services.GetRequiredService <ISecretProvider>();
await Assert.ThrowsAsync <SecretNotFoundException>(() => provider.GetRawSecretAsync(secretKey));
}
}
public async Task ConfigureSecretStore_AddEnvironmentVariablesWithWrongMutation_CantFindEnvironmentVariable()
{
// Arrange
var builder = new HostBuilder();
using (TemporaryEnvironmentVariable.Create("ARCUS_ENVIRONMENT_SECRET", Guid.NewGuid().ToString()))
{
// Act
builder.ConfigureSecretStore((config, stores) =>
{
stores.AddEnvironmentVariables(mutateSecretName: name => name.Replace("_", "."));
});
// Assert
IHost host = builder.Build();
var provider = host.Services.GetRequiredService <ISecretProvider>();
await Assert.ThrowsAsync <SecretNotFoundException>(() => provider.GetSecretAsync("ARCUS_ENVIRONMENT_SECRET"));
}
}
public async Task KeyVaultSecretProvider_WithDefaultManagedServiceIdentity_GetSecret_NonExistingSecret_ThrowsSecretNotFoundException()
{
// Arrange
var keyVaultUri = Configuration.GetValue <string>("Arcus:KeyVault:Uri");
var connectionString = Configuration.GetValue <string>("Arcus:MSI:AzureServicesAuth:ConnectionString");
var notExistingSecretName = $"secret-{Guid.NewGuid():N}";
var keyVaultSecretProvider = new KeyVaultSecretProvider(
authentication: new ManagedServiceIdentityAuthentication(),
vaultConfiguration: new KeyVaultConfiguration(keyVaultUri));
using (TemporaryEnvironmentVariable.Create(KeyVaultConnectionStringEnvironmentVariable, connectionString))
{
// Assert
await Assert.ThrowsAsync <SecretNotFoundException>(async() =>
{
// Act
await keyVaultSecretProvider.GetSecretAsync(notExistingSecretName);
});
}
}
public async Task KeyVaultSecretProvider_WithDefaultManagedServiceIdentity_GetSecret_Succeeds()
{
// Arrange
var keyVaultUri = Configuration.GetValue <string>("Arcus:KeyVault:Uri");
var connectionString = Configuration.GetValue <string>("Arcus:MSI:AzureServicesAuth:ConnectionString");
var secretName = Configuration.GetValue <string>("Arcus:KeyVault:TestKeyName");
var keyVaultSecretProvider = new KeyVaultSecretProvider(
authentication: new ManagedServiceIdentityAuthentication(),
vaultConfiguration: new KeyVaultConfiguration(keyVaultUri));
using (TemporaryEnvironmentVariable.Create(KeyVaultConnectionStringEnvironmentVariable, connectionString))
{
// Act
Secret secret = await keyVaultSecretProvider.GetSecretAsync(secretName);
// Assert
Assert.NotNull(secret);
Assert.NotNull(secret.Value);
Assert.NotNull(secret.Version);
}
}
public async Task LogEventWithKubernetesInfo_SinksToApplicationInsights_ResultsInTelemetryWithKubernetesInfo()
{
// Arrange
string nodeName = $"node-{Guid.NewGuid()}";
string podName = $"pod-{Guid.NewGuid()}";
string @namespace = $"namespace-{Guid.NewGuid()}";
var message = "This message will have Kubernetes information";
using (TemporaryEnvironmentVariable.Create(KubernetesEnricher.NodeNameVariable, nodeName))
using (TemporaryEnvironmentVariable.Create(KubernetesEnricher.PodNameVariable, podName))
using (TemporaryEnvironmentVariable.Create(KubernetesEnricher.NamespaceVariable, @namespace))
using (ILoggerFactory loggerFactory = CreateLoggerFactory(config => config.Enrich.WithKubernetesInfo()))
{
ILogger logger = loggerFactory.CreateLogger <ApplicationInsightsSinkTests>();
// Act
logger.LogInformation(message);
}
// Assert
using (ApplicationInsightsDataClient client = CreateApplicationInsightsClient())
{
await RetryAssertUntilTelemetryShouldBeAvailableAsync(async() =>
{
EventsResults <EventsTraceResult> traceEvents = await client.Events.GetTraceEventsAsync(ApplicationId, filter: OnlyLastHourFilter);
Assert.Contains(traceEvents.Value, trace =>
{
return(message == trace.Trace.Message &&
trace.CustomDimensions.TryGetValue(ContextProperties.Kubernetes.NodeName, out string actualNodeName) &&
nodeName == actualNodeName &&
trace.CustomDimensions.TryGetValue(ContextProperties.Kubernetes.PodName, out string actualPodName) &&
podName == actualPodName &&
trace.CustomDimensions.TryGetValue(ContextProperties.Kubernetes.Namespace, out string actualNamespace) &&
@namespace == actualNamespace);
});
});
}
}
public void LogEventWithCustomNamespacePropertyName_WithKubernetesEnricher_HasEnvironmentInformation()
{
// Arrange
string expected = $"namespace-{Guid.NewGuid()}";
string propertyName = $"namespace-name-{Guid.NewGuid():N}";
var spy = new InMemoryLogSink();
ILogger logger = new LoggerConfiguration()
.Enrich.WithKubernetesInfo(namespacePropertyName: propertyName)
.WriteTo.Sink(spy)
.CreateLogger();
using (TemporaryEnvironmentVariable.Create(NamespaceVariable, expected))
{
// Act
logger.Information("This log event should contain the custom configured Kubernetes property");
}
// Assert
LogEvent logEvent = Assert.Single(spy.CurrentLogEmits);
Assert.NotNull(logEvent);
Assert.True(logEvent.ContainsProperty(propertyName, expected), $"Log event contain property '{propertyName}' with value '{expected}'");
}
public async Task ConfigureSecretStore_AddEnvironmentVariablesWithDotsToUpperAndUnderscores_FindsEnvironmentVariable()
{
// Arrange
string expected = $"secret-{Guid.NewGuid()}";
var builder = new HostBuilder();
using (TemporaryEnvironmentVariable.Create("ARCUS_ENVIRONMENT_SECRET", expected))
{
// Act
builder.ConfigureSecretStore((config, stores) =>
{
stores.AddEnvironmentVariables(mutateSecretName: name => name.ToUpper().Replace(".", "_"));
});
// Assert
IHost host = builder.Build();
var provider = host.Services.GetRequiredService <ISecretProvider>();
string actual = await provider.GetRawSecretAsync("Arcus.Environment.Secret");
Assert.Equal(expected, actual);
}
}
public async Task ConfigureSecretStore_AddEnvironmentVariablesWithPrefix_UsesEnvironmentVariableSecrets()
{
// Arrange
string prefix = "ARCUS_";
string secretKey = prefix + "MySecret";
string expected = $"secret-{Guid.NewGuid()}";
var builder = new HostBuilder();
using (TemporaryEnvironmentVariable.Create(secretKey, expected))
{
// Act
builder.ConfigureSecretStore((config, stores) => stores.AddEnvironmentVariables(prefix: prefix));
// Assert
IHost host = builder.Build();
var provider = host.Services.GetRequiredService <ISecretProvider>();
string nonPrefixedSecret = secretKey.Substring(prefix.Length);
string actual = await provider.GetRawSecretAsync(nonPrefixedSecret);
Assert.Equal(expected, actual);
}
}
